On Wednesday, Senate Rules Committee Chairman Roy Blunt (R-Mo.) abruptly canceled a vote on a bipartisan election security bill that proponents, including lead sponsors Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.), had expected to sail through to a full Senate vote in October. Blunt cited a lack of support from state election officials and Republican colleagues, though the sponsors said it had ample bipartisan support to pass. On Thursday, Yahoo News reported that the bill "has been held up in the Senate at the behest of the White House," citing congressional sources.
The legislation, called the Secure Elections Act, would increase information-sharing between state and federal governments, grant security clearances to each state's top election official, create a technical advisory committee to come up with best practices to bolster cybersecurity, and, according to a summary of the legislation, "require adequate post-election auditing procedures so each election can be double-checked and verified." Notably, states would be encouraged to use voting machines with a paper record. "Paper is not antiquated," Lankford explained. "It's reliable."
White House spokeswoman Lindsay Walters said while the Trump administration "appreciates Congress' interest in election security," the Homeland Security Department "has all the statutory authority it needs to assist state and local officials to improve the security of existing election infrastructure," adding: "Do not violate the principles of federalism — elections are the responsibility of the states and local governments." Lankford told Roll Call that "we don't expect states to protect against a foreign attack." And what happens in Vegas doesn't stay in Vegas when it comes to national elections. "Your election in Delaware affects the entire country," Lankford told Yahoo. "Your election in Florida affects the entire country."
Some secretaries of state called the audit requirement an unfunded mandate. Klobuchar says she will try to add grants to the bill, but Blunt says he has no plans to revisit the legislation. Peter Weber
Last September, the Department of Homeland Security informed 21 states that the Russian government had targeted their voter registration system before the 2016 election, and on Wednesday, the DHS's head of cybersecurity, Jeanette Manfra, told NBC News that of the 21 states, "an exceptionally small number of them were actually successfully penetrated." She did not name any of the states, since the report is classified, but she said she has "no doubt" it was the Russian government, not just Russians, behind the cyberattack.
EXCLUSIVE: DHS cybersecurity head has "no doubt" that Russians penetrated voter registration systems.
Watch @CynthiaMcFadden's report tonight on @NBCNightlyNews. https://t.co/P0uUlNmVzk pic.twitter.com/eBPGTDXHZY
— NBC Nightly News with Lester Holt (@NBCNightlyNews) February 7, 2018
The Homeland Security Department was charged with protecting America's electoral system in January 2017, when outgoing DHS Secretary Jeh Johnson designated it federally protected "critical infrastructure," like the electrical grid. NBC News reached out to the 21 targeted states, and five of them said they hadn't been attacked. Manfra said she stands by the list as a "snapshot in time with the visibility that the department had at that time." She also disagreed with Johnson's assessment that states aren't adequately preparing for the 2018 and 2020 elections. "I would say they have all taken it seriously," she said.
Some states told NBC News that the federal government had not told them about specific threats, citing classification issues — Manfra said state officials will get clearance soon — while other states did not want the feds involved in their voting system. Johnson told NBC News that such concerns are "naive" and "irresponsible to the people that [states are] supposed to serve."
There is no evidence that Russia tampered with any voting rolls in the 2016 election, federal officials say. But in a new NBC News/SurveyMonkey poll, 79 percent of respondents said they were at least somewhat concerned that the U.S. electoral system is vulnerable to hacking. Peter Weber
Late Wednesday, the Securities and Exchange Commission said that it discovered last month that a 2016 hack of its computer filing system for publicly traded companies "may have provided the basis for illicit gain through trading." The "software vulnerability in the test filing component of the commission's EDGAR system" has been patched, and while the "intrusion" was discovered last year, the SEC said, it only learned about the possible use of pilfered information to trade stocks for illegal profit after SEC Chairman Jay Clayton ordered a cybersecurity review in May 2017.
The SEC statement did not say why the agency didn't disclose the breach last year, when the system was hacked, or whether specific companies were targeted. The SEC is the federal government's main Wall Street regulator. "Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic," Clayton said. "We must be vigilant. We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery." Peter Weber
The 2016 election saw America's voter rolls swell to more than 200 million registered voters for the first time ever, and about 198 million of those people had their voter data exposed by a Republican National Committee contractor called Deep Root Analytics.
The breach was discovered by Chris Vickery, a digital security researcher, who reported the exposure to DRA so the data could be secured. The 25 terabytes of information were stored on an Amazon cloud account that could be accessed (and in some cases downloaded) without a login. The data set included voters' "names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as [algorithm-predicted] voter ethnicities and religions."
"We take full responsibility for this situation," DRA said in a statement.
This is not the first time Vickery has found a massive potential leak of voter data. In 2015, he discovered 191 million exposed voter records held by another contractor, Nation Builder, which also works with GOP candidates. Bonnie Kristian